Privacy Policy - PromptPandas 🐼

                TL;DR: We only collect what we need to make PromptPandas work. Prompts and uploaded datasets are processed to provide scoring and improvements, we do not sell your data, and we do not use your inputs to train our own models.
            

1. Introduction

Welcome to PromptPandas ("we", "our", or "us"). This Privacy Policy explains how we collect, use, store, and protect your information when you use our prompt optimization service, including both our web application and browser extension.

2. Information We Collect

2.1 Account Information

Email address: Used for account creation and authentication
Authentication data: Handled securely through Supabase
Profile preferences: Your optimization goals and settings

2.2 Prompt Data

Your prompts: The text you submit for analysis and improvement
Uploaded datasets: Dataset files and related metadata you upload for analysis workflows
Optimization results: Scores, feedback, and improved variants we generate
Usage analytics: How you interact with our service (anonymized)
Prompt history: Your saved and favorited prompts

                Important Use Limitation: Use PromptPandas only for code assistance, synthetic datasets, and public or non-sensitive data. Do not upload proprietary research, clinical trial data, PHI, or internal company information.
            

2.3 Technical Information

Browser data: User agent, language preferences
Performance metrics: Response times and error rates (anonymized)
Feature usage: Which tools and options you use
Extension settings: API endpoints and optimization preferences (for browser extension users)

3. How We Use Your Information

3.1 Core Service

Process your prompts through AI models (OpenAI, Anthropic, Google)
Generate scores and improvement suggestions
Store your prompt history and favorites
Provide gamification features (achievements, progress tracking)
Enable browser extension functionality

3.2 Service Improvement

Monitor operational metrics to improve reliability and service quality
Monitor performance and fix issues
Develop new features based on user needs
Prevent abuse and ensure service reliability

3.3 Model Training and AI Providers

We do not use your prompts or uploaded datasets to train our own models
Your prompts/datasets are sent to selected third-party AI providers only to generate requested outputs
Third-party providers handle data under their own terms and policies; review provider terms for any model-improvement practices they may apply

                Important: Your prompts are sent to third-party AI services (OpenAI, Anthropic, Google) for processing. Please review their privacy policies as well.
            

4. Data Sharing and Third Parties

4.1 AI Service Providers

We share your prompts with AI service providers to generate scores and improvements:

OpenAI: For GPT model processing
Anthropic: For Claude model processing
Google: For Gemini model processing
OpenRouter: For accessing various AI models

4.2 Infrastructure Providers

Supabase: Database and authentication services
Render: Application hosting and deployment
Chrome Web Store: Extension distribution (for browser extension)

4.3 What We Don't Do

We don't sell your data to advertisers or data brokers
We don't use your prompts to train our own models
We don't share personal information with unauthorized parties
We don't collect unrelated browsing history

5. Data Security

5.1 Encryption and Protection

All data transmission uses HTTPS/TLS encryption in transit
Stored data is protected with encryption at rest through our infrastructure providers
Database connections are encrypted and secured
API keys and sensitive data are stored securely
Regular security audits and updates

5.2 Access Controls

Limited access to production data by authorized personnel only
Multi-factor authentication for administrative access
Role-based permissions, regular access reviews, and permission audits

6. Your Rights and Controls

6.1 Account Control

Access: View all your stored data through your account
Modify: Update your profile and preferences
Delete: Submit an account/data deletion request
Export: Download your data in a portable format

When you request account deletion, we begin removing removable personal data (including prompts and uploaded datasets) immediately and complete deletion obligations within up to 45 days, except where longer retention is required by law or for security/legal obligations.

6.2 Data Rights Actions

Policy access: View this privacy policy at any time
Export: Download your account data in a portable format
Delete: Submit account/data deletion requests from profile controls
Extension settings: Manage browser extension permissions and local settings

7. Data Retention

Active accounts: Data retained as long as account is active
Inactive accounts: Data may be deleted after 2 years of inactivity
Prompts and uploaded datasets: Retained under your account until you delete them or your account is deleted
Deleted accounts: Deletion requests are processed within up to 45 days
Operational analytics: Aggregated performance and reliability metrics may be retained longer for service operations
Extension data: Stored locally in Chrome storage with keys like optimizationEnabled and apiEndpoint

8. Browser Extension Specifics

Our browser extension:

Only processes prompt text you explicitly choose to optimize
Stores settings locally in your browser
Does not collect unrelated browsing history
Does not collect payment information
Connects to your configured PromptPandas API endpoint

9. Cookies and Tracking

We use minimal cookies and tracking technologies:

Authentication cookies: Keep you signed in
Preference cookies: Remember your settings
Analytics: Basic usage statistics (anonymized)

We don't use advertising cookies or cross-site tracking.

10. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers.

11. Data Processing Agreement (DPA)

We offer a Data Processing Agreement (DPA) for business and enterprise customers that need contractual data protection terms. The DPA covers processing instructions, confidentiality, subprocessors, security measures, and data subject rights support.

To request a DPA, contact promptpandas@gmail.com with your organization name and account details.

12. Children's Privacy

PromptPandas is not intended for children under 13. We don't knowingly collect personal information from children under 13. If we become aware of such collection, we will delete the information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through:

Email notification to your registered address
Notice on our website and application
In-app notifications for major changes

14. Legal Basis (GDPR)

For users in the EU, our legal basis for processing your data:

Contract performance: Providing our prompt optimization service
Legitimate interests: Service improvement and security
Consent: Account choices where required by local law

15. Contact Information

Questions About This Privacy Policy?

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: promptpandas@gmail.com
GitHub: Report an issue
Support: Available through the in-app help system
Project Support: Contact through your project support channel

We aim to respond to privacy inquiries as quickly as possible and process validated deletion requests within up to 45 days.

Open Source Notice: PromptPandas is open source software. You can review our code and data handling practices on GitHub.